Solved

Generate new doamin users passwords ?

Posted on 2006-11-07
21
274 Views
Last Modified: 2010-03-18
we are migrating our domain from 2000 to 2003, we have created new users accounts and now we need to generate new random passwords for the users?

is there a tool.. script... that can be used to create the random password for the users, since i do not want to reset them all to a common password .

i need to have for each user random password ?

0
Comment
Question by:ajalboush
  • 7
  • 7
  • 5
  • +1
21 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17887541
Dear ajalboush,
You may check this tool
http://www.winguides.com/security/password.php


Cheers!
0
 

Author Comment

by:ajalboush
ID: 17887560
no,

I need to a tool that can be connected to the domain so it take form there the user names and generates new passwords for them then it prints the output which is should be the user name which is taken from the active directory and the password?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17887959

Do all the users exist already? And are they in a specific place in AD?

I would guess you don't want to just change passwords for absolutely every account as that would include any administrative accounts or service accounts.

Anyway, it's not really very tricky to do, and while I'm sure my password generators aren't really very efficient they will do the job.

Chris
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 70

Expert Comment

by:Chris Dent
ID: 17887979

Oh yes, and any requirements for the passwords? Complexity?

Chris
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888041

File.bat:

@echo off
SETLOCAL
FOR /F "delims=" %%i in (file.txt) do call file2.bat %%i

File2.bat:

set password=%TIME:~-2%%TIME:~6,-3%%TIME:~-2%%TIME:~6,-3%
net user %1 %password% /domain
echo Password for %1 is %password%>Passwords.txt

it will use the seconds and the milliseconds to create 8 digit password.
save both files (as file.bat and file2.bat and all user names in file.txt) the output off all users and passwords will be in Passwords.txt
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888106
and if you ask how to load all user names in the file.txt file do it like this:
go to Active Directory Users and Computers and select your main user container and go to the Action Menu and choose export list option, exports it to csv, after you finished exporting it you can open the file in excel, copy the users column and past it and a text file (file.txt).

Please ask if you need any further assistance.
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888117
Oh, and after all files have been saved to the same directory just run the file.bat to start the process.
0
 

Author Comment

by:ajalboush
ID: 17888145
the users are created and are already exit in specific ou in the AD.
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888168
It doesn't matter, so it will only change their passwords, if the user was on the list and is not currently on the ad it will create it.
all using the NET USER command.
0
 

Author Comment

by:ajalboush
ID: 17888177
okay, is this will applied inside the domain, I mean that i have the users already created, and i need the generated password to be changed inside the domain then i need the output ?
0
 

Author Comment

by:ajalboush
ID: 17888195
about the comlexity it  does not matter since i can change the policy.
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888210
Yes, you need to be logged on as the domain admin to make it run, and the output will be  on the file Passwords.txt file of which passwords belongs to which user, you will need the output for giving users their passwords.
and just a little fix:

echo Password for %1 is %password%>Passwords.txt

change it to:

echo Password for %1 is %password%>>Passwords.txt
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17888212

This is a VbScript to change the passwords for everyone within that OU to semi-complex passwords. It will need saving as .vbs and you will need to fix the OU_PATH constant (the generator is definately not the most efficient). The password it sets, the username and the users name are written to a text file called Passwords.txt.

If you want to test it before using it then add a ' in front of "objUser.SetPassword strPassword" and it'll show you what it would have done.

HTH

Chris



' If the User Accounts are in the default Users OU then the path is CN=Users,. Please ensure the trailing comma is in place.

Const OU_PATH = "OU=YourOU,OU=SomeOtherOU,"

Function GeneratePassword()
      Dim intUCharCount, intLCharCount, intNumCount, intPassLen, intRNumber
      Dim strChar, strPass

      Const PASSWORD_LENGTH = 8
      
      intUCharCount = 0
      intLCharCount = 0
      intNumCount = 0
      intPassLen = 0
      
      Do while intPassLen < PASSWORD_LENGTH
            Randomize()
            intRNumber = Int(123 * Rnd() + 1)
            If (intRNumber > 64) and (intRNumber < 91) Then
                  If (intUCharCount <= 3) Then
                        strChar = Chr(intRNumber)
                        strPass = strPass & strChar
                        intUCharCount = intUCharCount + 1
                        intPassLen = intPassLen + 1
                  End If
            End If
            If (intRNumber > 96) and (intRNumber < 123) Then
                  If (intLCharCount <= 3) Then
                        strChar = Chr(intRNumber)
                        strPass = strPass & strChar
                        intLCharCount = intLCharCount + 1
                        intPassLen = intPassLen + 1
                  End If
            End If
            If (intNumCount <= 2) Then
                  Randomize()
                  intRNumber = Int(9 * Rnd() + 1)
                  strChar = CStr(intRNumber)
                  strPass = strPass & strChar
                  intNumCount = intNumCount + 1
                  intPassLen = intPassLen + 1
            End If
      Loop
      GeneratePassword = strPass
End Function

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile("Passwords.txt")

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objOU = GetObject("LDAP://" & OU_PATH & objRootDSE.Get("defaultNamingContext"))
Set objRootDSE = Nothing

objOU.Filter = Array("user")

For Each objUser in objOU
      strPassword = GeneratePassword()
      objFile.WriteLine objUser.Get("sAMAccountName") & "," & objUser.Get("displayName") & "," & strPassword
      objUser.SetPassword strPassword
Next
0
 

Author Comment

by:ajalboush
ID: 17888221
I did not understand the last step for what ?
0
 
LVL 4

Expert Comment

by:tomerlei
ID: 17888236
To who you did refer the last question?
0
 

Author Comment

by:ajalboush
ID: 17888294
thanx tomerlei,
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
0
 

Author Comment

by:ajalboush
ID: 17888414
thanx tomerlei, can you answer me quickly ?
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17888424

If you need it complex then you need to use something more capable than Batch Files.

The script I posted will create Complex passwords, the only reason I refer to them as semi-complex is that i never wrote in functionality to create passwords with symbols in ($, %, !, @, etc). However, it will provide enough of a mixture of uppercase, lowercase and numeric to qualify as complex.

HTH

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17888449

Although saying that I'm sure you could do it in Batch, and I'm sure someone has before, may have been oBdA.

Chris
0
 
LVL 4

Accepted Solution

by:
tomerlei earned 250 total points
ID: 17888647
You can change the file2.bat to this:

set num=%TIME:~-1%
if %num%==0 set letter=a
if %num%==1 set letter=b
if %num%==2 set letter=c
if %num%==3 set letter=d
if %num%==4 set letter=e
if %num%==5 set letter=f
if %num%==6 set letter=g
if %num%==7 set letter=h
if %num%==8 set letter=i
if %num%==9 set letter=l
set password=%letter%%TIME:~-2%%TIME:~6,-3%%TIME:~-2%%TIME:~6,-3%
net user %1 %password% /domain
echo Password for %1 is %password% >>Passwords.txt

and it will add a random letter from a to l in each password it generates.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Massive network latency 1 60
Best free website shortner services 2 75
Select which programs use which internet connection 15 70
Running VB/Batch script through Group policy 30 102
Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question